    Tracking Processors: Etag Beacon Processor

    This processor is not intended to identify hacking activity, but instead is intended to help resolve a potential vulnerability in the proxy. Because session tracking in the proxy is done using cookies, it is possible for an attacker to clear their cookies in order to be recognized by the proxy as a new user. This means that if we identify that someone is a hacker, they can shed that classification simply by clearing their cookies. To help resolve this vulnerability, this processor attempts to store identifying information in the browser's JavaScript persistence mechanism. It then uses this information to attempt to identify new sessions as being created by the same user as a previous session. If successful, a hacker who clears their cookies and obtains a new session will be re-associated with the previous session shortly afterwards.

    Table 1: Etag Beacon Processor Configuration Parameters

    | Parameter | Type | Default Value | Description |
    |---|---|---|---|
    | Basic | | | |
    | Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. |
    | Advanced | | | |
    | Beacon Resource | Configurable | Random | The resource to use for tracking. |
    | Inject Beacon Enabled | Boolean | True | Whether a reference to the beacon resource should be automatically injected into HTML responses. |
    | Revalidation Frequency | Integer | 180 (3 Minutes) | How often in seconds to re-validate the old stored etag and re-associate that session with the current one. This value should not be left too short, because it will cause the browser to constantly re-request the fake resource and make the tracking technique more visible. |
    | Incident: Session Etag Spoofing | Boolean | True | The user has provided a fake ETag value which is not a valid session. |
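
A minimal model of the re-association flow and the spoofing incident described above, added here as an illustration and not taken from the product. The class and method names, the random ETag format and the in-memory tables are assumptions; the 180-second `max-age` mirrors the Revalidation Frequency default.

```python
import secrets

REVALIDATION_SECONDS = 180  # the page's default Revalidation Frequency


class EtagBeacon:
    """Hypothetical model of a beacon resource handler (not the product's code)."""

    def __init__(self):
        self.issued = {}     # ETag value -> session that first received it
        self.links = {}      # new session -> earlier session it was tied back to
        self.incidents = []  # (session, incident name)

    def _issue(self, session_id):
        etag = '"' + secrets.token_hex(16) + '"'  # assumed format: random token
        self.issued[etag] = session_id
        return etag

    def handle(self, session_id, if_none_match=None):
        """Return (status, headers) for one request to the beacon resource."""
        # max-age makes the browser revalidate the cached beacon at this interval
        headers = {"Cache-Control": f"private, max-age={REVALIDATION_SECONDS}"}
        if if_none_match is None:
            # Nothing cached yet: tag this browser cache with the current session
            headers["ETag"] = self._issue(session_id)
            return 200, headers
        earlier = self.issued.get(if_none_match)
        if earlier is None:
            # Value was never issued, so it does not map to a valid session
            self.incidents.append((session_id, "Session Etag Spoofing"))
            headers["ETag"] = self._issue(session_id)
            return 200, headers
        if earlier != session_id:
            # Cookies changed but the cached ETag survived: re-associate
            self.links[session_id] = earlier
        headers["ETag"] = if_none_match
        return 304, headers


def demo():
    """Constructed scenario: s1 is seen, cookies are cleared, s2 appears."""
    beacon = EtagBeacon()
    _, first = beacon.handle("s1")
    status, _ = beacon.handle("s2", if_none_match=first["ETag"])
    beacon.handle("s3", if_none_match='"not-a-real-etag"')  # forged value
    return status, beacon.links, beacon.incidents
```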

    Published: 2015-02-04